US main source of EU card fraud according to Europol

A report carried out by Europol has found that domestic card related fraud has been gradually falling since 2008 thanks to the widespread adoption of Chip and PIN. The adoption of EMV technology is also a reason for the decline of fraud, but it still pulls in around EUR1.5bn a year for criminal gangs, says Europol.

727 million payment cards alone were issued in 2011.The figures come from a report published to coincide with the opening of a new European cybercrime centre under Europol’s jurisdiction, which will be the EU’s focal point in fighting online crime carried out by organised gangs.

Progress in the fight against fraud is being undermined by a sharp increase in the level of illegal transactions overseas as crooks target cash machines and payment terminals in EMV-less places such as the Dominican Republic, Colombia, Russia, Brazil, Mexico, and, crucially, the US.

Consequently, in 2011, almost all fraudulent face-to-face transactions with EU cards took place overseas. The problem of illegal transactions in the US has been reported to Europol by all 27 EU member states.

The ultimate answer to this problem would be the implementation of the EMV standard on a global level, including making US merchants compliant, says Europol, adding that “specific discussions on that are currently ongoing, however it is difficult to predict if, and when, the final stage of compliance might be reached”.

In the meantime, the report backs ‘geoblocking’ – deactivating the mag-stripe and making cards chip-only. Having become the first country to introduce this, Belgium has seen skimming losses fall to nearly zero, says Europol.

The organisation admits though that geoblocking has its drawbacks, with users required to get their cards activated every time they visit a non-EMV compliant country.

Meanwhile, card-not-present fraud is on an upward trend, accounting for around EUR900 million of the EUR1.5 billion. Credit card information and bank account credentials are some of the most actively traded ‘goods’ on the Internet’s underground economy and this stolen data is used to create cloned cards which are used to make online purchases with EU suppliers, says Europol.

Most of the credit card numbers misused in the EU come from data breaches in the US and while investments by EU industry in the 3D secure protocol have helped, not all transactions are protected with it on an EU or worldwide level. To help it tackle the increasingly global nature of fraud, Europol is asking for new rules to enable it to work with non-EU police forces and a special mandate to dismantle criminal rings around the world. Common European legal systems for the security of online retail payments, as well as the mandatory reporting of financial data breaches, should also be considered, it recommends.